cti-users message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]
Subject: Re: [cti-users] Re: [cti-taxii] TAXII Information Request and Response Proposal
- From: "Jason Keirstead" <Jason.Keirstead@ca.ibm.com>
- To: ringo <ringowathelet@gmail.com>, "Terry MacDonald" <terry.macdonald@cosive.com>
- Date: Fri, 16 Feb 2018 11:23:44 -0400
Hi Ringo;
First, *thank you* for reviewing and
commenting on our proposal, I think you are the first to do so!
Since the OASIS face-to-face I have
been thinking on this proposal, and I have also come to to the conclusion
that we need to de-couple this whole thing from channels because I don't
want that dependancy, so I agree with your comments. I had already been
planning to change it to add a new "/rfi" TAXII endpoint, to
eliminate the need for a channels. The only reason I haven't made these
changes yet is I haven't had any time to sync with Terry MacDonald (my
co-author on this proposal) and did not want to blind-side him.
That said, *I did not plan to remove
the ability to query via channel*, as I still think this is an important
part of the proposal and it is something Terry has been working for for
a long time. The analogy of a "chat room" for channels is somewhat
accurate; when you publish a message on a channel, anyone who has permissions
to the channel should see the message. The use case is for sharing high-volume
data that is meant to be collated vs. stored, such as sightings, opinions,
and other types such as this "RFI".
Again thanks for the feedback... FYI
though I want to point out that as this is the CTI-users list, if and when
this proposal makes it into the CTI development process (which I hope it
does relatively soon), I won't be able to comment on it here anymore as
at that point only TC members can help with the development.
-
Jason Keirstead
STSM, Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security
"Things may come to those who wait, but only the things left by those
who hustle." - Unknown
From:
ringo <ringowathelet@gmail.com>
To:
CTI-Stix-User <cti-users@lists.oasis-open.org>
Date:
02/16/2018 04:02 AM
Subject:
[cti-users]
Re: [cti-taxii] TAXII Information Request and Response Proposal
Sent by:
<cti-users@lists.oasis-open.org>
Reading the "TAXII Information Request
and Response proposal” challenged my understanding of the purpose of TAXII
channels and how they maybe used.
My understanding of publish-subscribe channels
is that publishers send their data to a channel and
the subscribers pick it from the channel
as they see fit. As opposed to subscribers asking publishers for data through
requests messages, basically a client-server system.
I believe the burden of serving channels/topics/contents/...
should be on the TAXII server not on the publisher.
Are TAXII channels intended to be like
a “chat” rooms for client to exchange structured messages or for them
to be pub/sub of STIX data streaming on the channel?
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]